US8171336B2 - Method for protecting a secured real time clock module and a device having protection capabilities - Google Patents

Method for protecting a secured real time clock module and a device having protection capabilities Download PDF

Info

Publication number
US8171336B2
US8171336B2 US12/163,610 US16361008A US8171336B2 US 8171336 B2 US8171336 B2 US 8171336B2 US 16361008 A US16361008 A US 16361008A US 8171336 B2 US8171336 B2 US 8171336B2
Authority
US
United States
Prior art keywords
real time
time clock
clock module
secured real
multiple input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US12/163,610
Other versions
US20090327795A1 (en
Inventor
Michael Priel
Dan Kuzmin
Amir Zaltzman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Xinguodu Tech Co Ltd
NXP BV
NXP USA Inc
Original Assignee
Freescale Semiconductor Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Freescale Semiconductor Inc filed Critical Freescale Semiconductor Inc
Priority to US12/163,610 priority Critical patent/US8171336B2/en
Assigned to FREESCALE SEMICONDUCTOR, INC. reassignment FREESCALE SEMICONDUCTOR, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KUZMIN, DAN, PRIEL, MICHAEL, ZALTZMAN, AMIR
Assigned to CITIBANK, N.A. reassignment CITIBANK, N.A. SECURITY AGREEMENT Assignors: FREESCALE SEMICONDUCTOR, INC.
Publication of US20090327795A1 publication Critical patent/US20090327795A1/en
Assigned to CITIBANK, N.A. reassignment CITIBANK, N.A. SECURITY AGREEMENT Assignors: FREESCALE SEMICONDUCTOR, INC.
Assigned to CITIBANK, N.A., AS COLLATERAL AGENT reassignment CITIBANK, N.A., AS COLLATERAL AGENT SECURITY AGREEMENT Assignors: FREESCALE SEMICONDUCTOR, INC.
Publication of US8171336B2 publication Critical patent/US8171336B2/en
Application granted granted Critical
Assigned to CITIBANK, N.A., AS NOTES COLLATERAL AGENT reassignment CITIBANK, N.A., AS NOTES COLLATERAL AGENT SECURITY AGREEMENT Assignors: FREESCALE SEMICONDUCTOR, INC.
Assigned to CITIBANK, N.A., AS NOTES COLLATERAL AGENT reassignment CITIBANK, N.A., AS NOTES COLLATERAL AGENT SECURITY AGREEMENT Assignors: FREESCALE SEMICONDUCTOR, INC.
Assigned to FREESCALE SEMICONDUCTOR, INC. reassignment FREESCALE SEMICONDUCTOR, INC. PATENT RELEASE Assignors: CITIBANK, N.A., AS COLLATERAL AGENT
Assigned to FREESCALE SEMICONDUCTOR, INC. reassignment FREESCALE SEMICONDUCTOR, INC. PATENT RELEASE Assignors: CITIBANK, N.A., AS COLLATERAL AGENT
Assigned to FREESCALE SEMICONDUCTOR, INC. reassignment FREESCALE SEMICONDUCTOR, INC. PATENT RELEASE Assignors: CITIBANK, N.A., AS COLLATERAL AGENT
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS Assignors: CITIBANK, N.A.
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS Assignors: CITIBANK, N.A.
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. SUPPLEMENT TO THE SECURITY AGREEMENT Assignors: FREESCALE SEMICONDUCTOR, INC.
Assigned to NXP, B.V., F/K/A FREESCALE SEMICONDUCTOR, INC. reassignment NXP, B.V., F/K/A FREESCALE SEMICONDUCTOR, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: MORGAN STANLEY SENIOR FUNDING, INC.
Assigned to NXP B.V. reassignment NXP B.V. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: MORGAN STANLEY SENIOR FUNDING, INC.
Assigned to NXP USA, INC. reassignment NXP USA, INC. CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: FREESCALE SEMICONDUCTOR INC.
Assigned to NXP USA, INC. reassignment NXP USA, INC. CORRECTIVE ASSIGNMENT TO CORRECT THE NATURE OF CONVEYANCE LISTED CHANGE OF NAME SHOULD BE MERGER AND CHANGE PREVIOUSLY RECORDED AT REEL: 040652 FRAME: 0180. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER AND CHANGE OF NAME. Assignors: FREESCALE SEMICONDUCTOR INC.
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE PATENTS 8108266 AND 8062324 AND REPLACE THEM WITH 6108266 AND 8060324 PREVIOUSLY RECORDED ON REEL 037518 FRAME 0292. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS. Assignors: CITIBANK, N.A.
Assigned to SHENZHEN XINGUODU TECHNOLOGY CO., LTD. reassignment SHENZHEN XINGUODU TECHNOLOGY CO., LTD. CORRECTIVE ASSIGNMENT TO CORRECT THE TO CORRECT THE APPLICATION NO. FROM 13,883,290 TO 13,833,290 PREVIOUSLY RECORDED ON REEL 041703 FRAME 0536. ASSIGNOR(S) HEREBY CONFIRMS THE THE ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS.. Assignors: MORGAN STANLEY SENIOR FUNDING, INC.
Assigned to NXP B.V. reassignment NXP B.V. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: MORGAN STANLEY SENIOR FUNDING, INC.
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE APPLICATION 11759915 AND REPLACE IT WITH APPLICATION 11759935 PREVIOUSLY RECORDED ON REEL 037486 FRAME 0517. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS. Assignors: CITIBANK, N.A.
Assigned to NXP B.V. reassignment NXP B.V. CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE APPLICATION 11759915 AND REPLACE IT WITH APPLICATION 11759935 PREVIOUSLY RECORDED ON REEL 040928 FRAME 0001. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITY INTEREST. Assignors: MORGAN STANLEY SENIOR FUNDING, INC.
Assigned to NXP, B.V. F/K/A FREESCALE SEMICONDUCTOR, INC. reassignment NXP, B.V. F/K/A FREESCALE SEMICONDUCTOR, INC. CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE APPLICATION 11759915 AND REPLACE IT WITH APPLICATION 11759935 PREVIOUSLY RECORDED ON REEL 040925 FRAME 0001. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITY INTEREST. Assignors: MORGAN STANLEY SENIOR FUNDING, INC.
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/04Generating or distributing clock signals or signals derived directly therefrom
    • G06F1/14Time supervision arrangements, e.g. real time clock
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/81Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations

Definitions

  • the present invention relates to methods for protecting a secured real time clock module and for a device having protection capabilities.
  • Real time clock modules have various applications. They can be used for providing timing information for operating systems, for enforcing policies for time-sensitive data, for assisting in positioning calculations and the like.
  • Real time clock signals can be tampered for various reasons including copyrighting piracy, concealing hacking or tampering attempts, reducing the functionality of a device and the like.
  • One tampering method involves repetitive alterations of the supply voltage provided to the real time clock module, in order to force the secured real time clock (SRTC) module to reset, to get stuck, to output a secured key stored in the SRTC module, to read invalid commands, and the like.
  • SRTC secured real time clock
  • the supply voltage can be provided by a so-called “external” voltage supply unit—a voltage supply unit that is located outside an integrated circuit that includes the secured real time clock module.
  • FIG. 1 schematically shows an example of an embodiment of a device that has secured real time clock (SRTC) module protection capabilities
  • FIG. 2 schematically shows an example of an embodiment of a method for protecting a SRTC module
  • FIG. 3 schematically shows an example of an embodiment of a method for protecting a SRTC module.
  • an SRTC module can be protected by selectively locking its input ports and unlocking its input ports.
  • the inputs ports are unlocked only if a predefined high frequency code is provided to a control input port of the SRTC module.
  • a predefined high frequency code can not be generated by tampering the supply voltage provided to the SRTC module.
  • the input ports are locked if they are not active during at least a first duration. This first duration is set in response to the timing of expected (valid or authorized) programming sequences of the SRCT module. Thus, during an programming sequence the input ports remain unlocked.
  • FIG. 1 schematically shows an example of an embodiment of device 10 that has SRTC module protection capabilities.
  • Device 10 can have information (data and/or media) processing capabilities.
  • Device 10 can be a mobile device such as but not limited to laptop computer, a mobile phone, a media player, a mobile game console and the like.
  • Device 10 can also be a stationary apparatus such as a desktop computer, a plasma screen, a television, a media entertainment system, a monitoring system, a stationary game console, a network node, a router, a switch, and the like.
  • Device 10 can include one or more displays, processors, memory units, loudspeakers, microphones, DMA controllers, and the like.
  • Device 10 can include multiple integrated circuits.
  • Device 10 includes voltage supply unit 20 that is connected to integrated circuit 100 .
  • Integrated circuit 100 includes low power mode circuit 120 , control module 110 , high frequency code generator 80 , high frequency clock generator 70 , and SRTC module 140 .
  • SRTC module 140 includes multiple inputs, such as inputs 50 ( 1 )- 50 (k), control input 50 (p), protection module 130 , monitor 40 , a control circuit, registers 62 , high pass filter 66 , controller 60 and SRTC generator 90 .
  • Voltage supply unit 20 provides supply voltage Vdd 131 to integrated circuit 100 . This supply voltage is sent to various components of integrated circuit 100 , including but not limited to low power mode circuit 120 and SRTC module 140 . Low power mode circuit 120 can apply power saving techniques that involve shutting down various components of integrated circuit 100 during low power periods. Low power mode circuit 120 provides a gated supply voltage Vgdd 132 to control module 110 , high frequency code generator 80 and high frequency clock generator 70 . Vgdd 132 is not provided during low-power periods.
  • Vdd 131 and even Vgdd 132 can fluctuate or otherwise change.
  • a change in a level of Vdd 131 or Vgdd 132 can cause supply voltage induced changes of input signals provides to one or more inputs ports 50 ( 1 )- 50 (k) of SRTC module 140 . These changes should be filtered out.
  • High frequency code generator 80 is connected to high frequency clock generator 70 , control module 110 and control input 50 (p) of SRTC module 140 . It generates a predefined high frequency code (denoted CODE 133 ) and sends it to control input 50 (p) while it receives an enabling signal (denoted EN 134 ) from control module 110 and while it receives a high frequency clock signal (for example a 20-30 Mega Hertz clock signal) from high frequency clock generator 70 . Once the provision of enabling signal EN 134 stops the high frequency code generator 80 stops generating the predefined high frequency code, even if it was in the middle of generating such a code.
  • enabling signal EN 134 stops the high frequency code generator 80 stops generating the predefined high frequency code, even if it was in the middle of generating such a code.
  • control module 110 high frequency code generator 80 , and high frequency clock generator 70 are disabled and the predefined high frequency code can not be sent to SRTC module 140 .
  • the predefined high frequency code is used to unlock inputs 50 ( 1 )- 50 (k) of SRTC module 140 . It has a frequency that is higher than the maximal frequency of supply voltage induced changes of an input signal that is provided to control input 50 (p).
  • the high frequency can be few tens of megahertz while the maximal frequency of supply voltage induced changes is below one megahertz.
  • the maximal frequency of the supply voltage induced changes is limited by the maximal frequency of voltage supply level changes. These changes are bounded by the relatively large capacitance of the voltage supply grid.
  • SRTC module 140 includes high pass filter 66 that is connected between control input port 50 (p) and controller 60 .
  • High pass filter 66 filters out supply voltage induced changes of an input signal that is provided to control input port 50 (p) and passes the high frequency predefined code.
  • Control module 110 controls integrated circuit 100 or at least some portions of integrated circuit 100 . It is shut down during low power periods. It can determine when SRTC module 140 should be unlocked and send enabling signal EN 134 to high frequency code generator 80 . It can also write information (such as bit not limited to commands) to inputs 50 ( 1 )- 50 (k) of SRTC module 140 .
  • Input ports 50 ( 1 )- 50 (k) of SRTC module 140 are connected to mask 30 .
  • Mask 30 is also connected to controller 60 , to monitor 40 and to registers 62 .
  • Controller 60 determines whether mask 60 should mask input signals that are receives over inputs 50 ( 1 )- 50 (k) or to unmask these input signals. Inputs ports 50 ( 1 )- 50 ( k ) are locked or isolated when mask 30 masks these input signals. Input ports 50 ( 1 )- 50 (k) are unlocked when mask 30 is transparent and unmasks these input signals.
  • Controller 60 also controls SRTC generator 90 in response to control information.
  • the control information can be provided over input ports 50 ( 1 )- 50 (k) and can then be stored in registers 62 .
  • the control of SRTC generator 90 can involve determining the frequency of the SRTC signal CLK 141 , halting SRTC generator 90 , renewing the operation of SRTC generator 90 and the like.
  • SRTC module 140 can be programmed, by programming sequences. These programming sequences do not occur during low power periods.
  • a programming sequence can include multiple commands that are spaced apart in time. The timing associated with a programming sequence (for example the timing gap between one command to another), are known in advance or can be estimated with a reasonable accuracy.
  • SRTC module 140 should remain unlocked during the programming sequence, but should be locked during other periods. This can be guaranteed by determining a first duration (that is responsive to timing of a programming sequence) and locking SRTC module 140 if input ports 50 ( 1 )- 50 (k) are idle during at least that first duration.
  • the first duration is shorter and even much shorter than the duration of a typical low power period.
  • the first duration can be shorter than few percents (for example shorter than 5%) of a low power period.
  • a low power period can exceed one hundred milliseconds and can be much longer while the first duration can be few milliseconds.
  • Monitor 40 is connected to the output ports of mask 30 .
  • the activity of the output ports of mask 30 reflects the activity of input ports 50 ( 1 )- 50 (k).
  • monitor 40 does not sense any activity. Accordingly, monitor 40 ignores supply voltage induced changes of input signals introduced when SRTC module 140 is locked.
  • Controller 60 is also adapted to unlock input ports 50 ( 1 )- 50 (k) by instructing mask 30 to be transparent if, after these input ports are locked, a predefined high frequency code is received over control input port 50 (p) of SRTC module 140 .
  • This high frequency code is high pass filtered by high pass filter 66 .
  • Mask 30 is controlled by controller 60 . It masks input signals when SRTC module 140 is locked and is transparent when SRTC module 140 is unlocked.
  • Mask 30 can include various circuits such as bit not limited to AND gates, OR gates, XOR gates, and the like.
  • the type of logic gates of mask 30 are designed according to the level of an isolation signal (denoted ISOLATE 135 ) that should cause an isolation of input ports 50 ( 1 )- 50 (k).
  • an isolation signal denoted ISOLATE 135
  • the logic gates can be a combination of inverters and AND gates.
  • the logic gate can be a NAND gate and the input signal can be passed through an inverter.
  • FIG. 1 mask 30 includes logic gates 30 ( 1 ) and 30 (k) that are AND gates, each AND gate includes an inverting input port that receives isolation signal 135 such that when isolation signal is “high” mask 30 masks the input signals.
  • FIG. 2 schematically shows an example of an embodiment of method 200 for protecting a SRTC module.
  • Method 200 starts by stages 214 and 230 .
  • Stage 214 includes monitoring the input ports of an SRTC module to determine an activity of the input port. An input port is deemed active during a period that it received input signals that change over time.
  • Stage 214 conveniently includes stage 215 of monitoring output ports of a mask that is connected to the input ports of the SRTC module, in order to determine an activity of the multiple input ports of the SRTC module.
  • Stage 215 can include ignoring supply voltage induces changes of input signals that are introduced while the multiple input ports of the SRTC module are locked.
  • the mask is used to selectively lock the input ports of the SRTC module.
  • Stage 214 is followed by stage 210 of locking multiple input ports of the SRTC module if the multiple input ports of the SRTC module are idle during at least a first duration.
  • Stage 210 can also include stage 212 of locking the multiple input ports of the SRTC module by applying a mask on input signals provided to the multiple input ports of the SRTC.
  • Method 200 also includes either one of stages 242 and 244 .
  • Stages 242 and 244 can follow stage 210 .
  • Stage 220 can be followed by stage 214 .
  • Stage 242 includes generating the high frequency code by a high frequency code generator that is idle during each low-power period. Conveniently, the multiple input ports of the SRTC module are idle during at least one low-power period, each low-power period being longer than the first duration. Stage 242 can also include stage 246 of generating the high frequency code by a high frequency code generator as long as the high frequency code generator receives an enabling signal that is received only during periods that differ from low-power periods.
  • Stage 244 includes receiving the high frequency code by a high frequency code generator that is idle during the low power period.
  • the multiple input ports of the SRTC module are idle during at least one low-power period, each low-power period being substantially longer than the first duration.
  • Stage 244 can include generating the high frequency code by a high frequency code generator as long as the high frequency code generator receives an enabling signal that is received only during periods that differ from low-power periods.
  • Stages 242 and 244 are followed by stage 220 of unlocking the multiple input ports of the SRTC module if a predefined high frequency code is received over a control input port of the SRTC module.
  • Changes in a supply voltage results in a supply voltage induced changes of an input signal provided to an input port of the SRTC module.
  • a maximal frequency of the supply voltage induced changes of the input signal is lower than the high frequency of the predefined high frequency code.
  • Stage 220 can include stage 222 of unmasking the input signals provided to the input ports of the SRTC module. Stage 222 can also include of high pass filtering signals sent over the control input port so as to filter out supply voltage induced changes.
  • Stage 230 includes providing an SRTC signal when the multiple input ports of the SRTC module are locked and when the multiple input ports of the SRTC module are unlocked.
  • FIG. 3 schematically shows an example of an embodiment of method 300 for protecting a SRTC module.
  • method 300 is executed by protection module 130 .
  • Method 300 starts by stage 302 of checking is any input port of the SRTC module is active. This stage is repeated until no input port of the SRTC module is active. Once the answer is negative stage 302 is followed by stage 304 of checking whether a first duration has lapsed since the last activity on one or more (or even all) input ports of the SRTC module. If the answer is negative stage 304 is followed by stage 302 , else it is followed by stage 306 of locking multiple input ports of the SRTC module.
  • Stage 306 is followed by stage 308 of checking if a predefined high frequency code was received via a control input port of the SRTC module (after the multiple input ports of the SRTC module were locked). Stage 308 is repeated until receiving a positive answer and then it is followed by stage 310 of unlocking the multiple input ports of the SRTC module. Stage 310 is followed by stage 302 .
  • any two components herein combined to achieve a particular functionality can be seen as “associated with” each other such that the desired functionality is achieved, irrespective of architectures or intermedial components.
  • any two components so associated can also be viewed as being “operably connected,” or “operably coupled,” to each other to achieve the desired functionality.
  • the invention is not limited to physical devices or units implemented in non-programmable hardware but can also be applied in programmable devices or units able to perform the desired device functions by operating in accordance with suitable program code.
  • the devices may be physically distributed over a number of apparatuses, while functionally operating as a single device. For example,

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Power Sources (AREA)

Abstract

A method for protecting a secured real time clock module, the method includes: locking multiple input ports of the secured real time clock module if the multiple input ports of the secured real time clock module are idle during at least a first duration; unlocking the multiple input ports of the secured real time clock module if a predefined high frequency code is received over a control input port of the secured real time clock module; and providing a secured real time clock signal when the multiple input ports of the secured real time clock module are locked and when the multiple input ports of the secured real time clock module are unlocked; wherein changes in a supply voltage results in a supply voltage induced changes of an input signal provided to an input port of the secured real time clock module; wherein a maximal frequency of the supply voltage induced changes of the input signal is lower than the high frequency of the predefined high frequency code.

Description

FIELD OF THE INVENTION
The present invention relates to methods for protecting a secured real time clock module and for a device having protection capabilities.
BACKGROUND OF THE INVENTION
Real time clock modules have various applications. They can be used for providing timing information for operating systems, for enforcing policies for time-sensitive data, for assisting in positioning calculations and the like. U.S patent application serial number 2002/0083284 of Matsubara et al., titled “Data reproduction system, data recorder and data reader preventing fraudulent usage by monitoring reproducible time limit”, U.S. Pat. No. 5,920,727 of Kikinis et al., titled “Timer-controlled computer system shutdown and startup”, U.S patent application serial number 2004/0128528 of Poisner titled “Trusted real time clock” and U.S patent application serial number 2004/0225439 of Gronemeyer, titled “Method and apparatus for real time clock (RTC) brownout detection, illustrate some usages of real time clocks.
Real time clock signals can be tampered for various reasons including copyrighting piracy, concealing hacking or tampering attempts, reducing the functionality of a device and the like.
One tampering method involves repetitive alterations of the supply voltage provided to the real time clock module, in order to force the secured real time clock (SRTC) module to reset, to get stuck, to output a secured key stored in the SRTC module, to read invalid commands, and the like.
The supply voltage can be provided by a so-called “external” voltage supply unit—a voltage supply unit that is located outside an integrated circuit that includes the secured real time clock module.
Monitoring of these external voltage supply units can be power consuming and during low power modes the monitoring should be stopped.
SUMMARY OF THE PRESENT INVENTION
The present invention provides a method and a device as described in the accompanying claims. Specific embodiments of the invention are set forth in the dependent claims. These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter.
BRIEF DESCRIPTION OF THE DRAWINGS
Further details, aspects, and embodiments of the invention will be described, by way of example only, with reference to the drawings.
FIG. 1 schematically shows an example of an embodiment of a device that has secured real time clock (SRTC) module protection capabilities;
FIG. 2 schematically shows an example of an embodiment of a method for protecting a SRTC module; and
FIG. 3 schematically shows an example of an embodiment of a method for protecting a SRTC module.
 DETAILED DESCRIPTION OF THE DRAWINGS
Because the apparatus implementing the present invention is, for the most part, composed of electronic components and circuits known to those skilled in the art, circuit details will not be explained in any greater extent than that considered necessary as illustrated above, for the understanding and appreciation of the underlying concepts of the present invention and in order not to obfuscate or distract from the teachings of the present invention.
In the following specification, the invention will be described with reference to specific examples of embodiments of the invention. It will, however, be evident that various modifications and changes may be made therein without departing from the broader spirit and scope of the invention as set forth in the appended claims.
It has been found that an SRTC module can be protected by selectively locking its input ports and unlocking its input ports. The inputs ports are unlocked only if a predefined high frequency code is provided to a control input port of the SRTC module. Such a predefined high frequency code can not be generated by tampering the supply voltage provided to the SRTC module. The input ports are locked if they are not active during at least a first duration. This first duration is set in response to the timing of expected (valid or authorized) programming sequences of the SRCT module. Thus, during an programming sequence the input ports remain unlocked.
FIG. 1 schematically shows an example of an embodiment of device 10 that has SRTC module protection capabilities.
Device 10 can have information (data and/or media) processing capabilities. Device 10 can be a mobile device such as but not limited to laptop computer, a mobile phone, a media player, a mobile game console and the like. Device 10 can also be a stationary apparatus such as a desktop computer, a plasma screen, a television, a media entertainment system, a monitoring system, a stationary game console, a network node, a router, a switch, and the like. Device 10 can include one or more displays, processors, memory units, loudspeakers, microphones, DMA controllers, and the like. Device 10 can include multiple integrated circuits.
In the example of FIG. 1, Device 10 includes voltage supply unit 20 that is connected to integrated circuit 100.
Integrated circuit 100 includes low power mode circuit 120, control module 110, high frequency code generator 80, high frequency clock generator 70, and SRTC module 140. SRTC module 140 includes multiple inputs, such as inputs 50(1)-50(k), control input 50(p), protection module 130, monitor 40, a control circuit, registers 62, high pass filter 66, controller 60 and SRTC generator 90.
Voltage supply unit 20 provides supply voltage Vdd 131 to integrated circuit 100. This supply voltage is sent to various components of integrated circuit 100, including but not limited to low power mode circuit 120 and SRTC module 140. Low power mode circuit 120 can apply power saving techniques that involve shutting down various components of integrated circuit 100 during low power periods. Low power mode circuit 120 provides a gated supply voltage Vgdd 132 to control module 110, high frequency code generator 80 and high frequency clock generator 70. Vgdd 132 is not provided during low-power periods.
Vdd 131 and even Vgdd 132 can fluctuate or otherwise change. A change in a level of Vdd 131 or Vgdd 132 can cause supply voltage induced changes of input signals provides to one or more inputs ports 50(1)-50(k) of SRTC module 140. These changes should be filtered out.
High frequency code generator 80 is connected to high frequency clock generator 70, control module 110 and control input 50(p) of SRTC module 140. It generates a predefined high frequency code (denoted CODE 133) and sends it to control input 50(p) while it receives an enabling signal (denoted EN 134) from control module 110 and while it receives a high frequency clock signal (for example a 20-30 Mega Hertz clock signal) from high frequency clock generator 70. Once the provision of enabling signal EN 134 stops the high frequency code generator 80 stops generating the predefined high frequency code, even if it was in the middle of generating such a code.
During low power periods control module 110, high frequency code generator 80, and high frequency clock generator 70 are disabled and the predefined high frequency code can not be sent to SRTC module 140.
The predefined high frequency code is used to unlock inputs 50(1)-50(k) of SRTC module 140. It has a frequency that is higher than the maximal frequency of supply voltage induced changes of an input signal that is provided to control input 50(p). The high frequency can be few tens of megahertz while the maximal frequency of supply voltage induced changes is below one megahertz. The maximal frequency of the supply voltage induced changes is limited by the maximal frequency of voltage supply level changes. These changes are bounded by the relatively large capacitance of the voltage supply grid.
SRTC module 140 includes high pass filter 66 that is connected between control input port 50(p) and controller 60. High pass filter 66 filters out supply voltage induced changes of an input signal that is provided to control input port 50(p) and passes the high frequency predefined code.
Control module 110 controls integrated circuit 100 or at least some portions of integrated circuit 100. It is shut down during low power periods. It can determine when SRTC module 140 should be unlocked and send enabling signal EN 134 to high frequency code generator 80. It can also write information (such as bit not limited to commands) to inputs 50(1)-50(k) of SRTC module 140.
Input ports 50(1)-50(k) of SRTC module 140 are connected to mask 30. Mask 30 is also connected to controller 60, to monitor 40 and to registers 62.
Controller 60 determines whether mask 60 should mask input signals that are receives over inputs 50(1)-50(k) or to unmask these input signals. Inputs ports 50(1)-50(k) are locked or isolated when mask 30 masks these input signals. Input ports 50(1)-50(k) are unlocked when mask 30 is transparent and unmasks these input signals.
Controller 60 also controls SRTC generator 90 in response to control information. The control information can be provided over input ports 50(1)-50(k) and can then be stored in registers 62. The control of SRTC generator 90 can involve determining the frequency of the SRTC signal CLK 141, halting SRTC generator 90, renewing the operation of SRTC generator 90 and the like.
SRTC module 140 can be programmed, by programming sequences. These programming sequences do not occur during low power periods. A programming sequence can include multiple commands that are spaced apart in time. The timing associated with a programming sequence (for example the timing gap between one command to another), are known in advance or can be estimated with a reasonable accuracy. SRTC module 140 should remain unlocked during the programming sequence, but should be locked during other periods. This can be guaranteed by determining a first duration (that is responsive to timing of a programming sequence) and locking SRTC module 140 if input ports 50(1)-50(k) are idle during at least that first duration.
The first duration is shorter and even much shorter than the duration of a typical low power period. For example, the first duration can be shorter than few percents (for example shorter than 5%) of a low power period. A low power period can exceed one hundred milliseconds and can be much longer while the first duration can be few milliseconds.
Monitor 40 is connected to the output ports of mask 30. When mask 30 is transparent the activity of the output ports of mask 30 reflects the activity of input ports 50(1)-50(k). When mask 30 masks the input signals (when the input ports are locked) monitor 40 does not sense any activity. Accordingly, monitor 40 ignores supply voltage induced changes of input signals introduced when SRTC module 140 is locked.
Controller 60 is also adapted to unlock input ports 50(1)-50(k) by instructing mask 30 to be transparent if, after these input ports are locked, a predefined high frequency code is received over control input port 50(p) of SRTC module 140. This high frequency code is high pass filtered by high pass filter 66.
Mask 30 is controlled by controller 60. It masks input signals when SRTC module 140 is locked and is transparent when SRTC module 140 is unlocked. Mask 30 can include various circuits such as bit not limited to AND gates, OR gates, XOR gates, and the like.
The type of logic gates of mask 30 are designed according to the level of an isolation signal (denoted ISOLATE 135) that should cause an isolation of input ports 50(1)-50(k). For example, if a high level (or “1”) isolation signal 135 should trigger the masking then the logic gates can be a combination of inverters and AND gates. In such a case the logic gate can be a NAND gate and the input signal can be passed through an inverter. In the example of FIG. 1 mask 30 includes logic gates 30(1) and 30(k) that are AND gates, each AND gate includes an inverting input port that receives isolation signal 135 such that when isolation signal is “high” mask 30 masks the input signals.
FIG. 2 schematically shows an example of an embodiment of method 200 for protecting a SRTC module.
Method 200 starts by stages 214 and 230.
Stage 214 includes monitoring the input ports of an SRTC module to determine an activity of the input port. An input port is deemed active during a period that it received input signals that change over time.
Stage 214 conveniently includes stage 215 of monitoring output ports of a mask that is connected to the input ports of the SRTC module, in order to determine an activity of the multiple input ports of the SRTC module. Stage 215 can include ignoring supply voltage induces changes of input signals that are introduced while the multiple input ports of the SRTC module are locked. The mask is used to selectively lock the input ports of the SRTC module.
Stage 214 is followed by stage 210 of locking multiple input ports of the SRTC module if the multiple input ports of the SRTC module are idle during at least a first duration. Stage 210 can also include stage 212 of locking the multiple input ports of the SRTC module by applying a mask on input signals provided to the multiple input ports of the SRTC.
Method 200 also includes either one of stages 242 and 244. Stages 242 and 244 can follow stage 210. Stage 220 can be followed by stage 214.
Stage 242 includes generating the high frequency code by a high frequency code generator that is idle during each low-power period. Conveniently, the multiple input ports of the SRTC module are idle during at least one low-power period, each low-power period being longer than the first duration. Stage 242 can also include stage 246 of generating the high frequency code by a high frequency code generator as long as the high frequency code generator receives an enabling signal that is received only during periods that differ from low-power periods.
Stage 244 includes receiving the high frequency code by a high frequency code generator that is idle during the low power period. Conveniently, the multiple input ports of the SRTC module are idle during at least one low-power period, each low-power period being substantially longer than the first duration.
Stage 244 can include generating the high frequency code by a high frequency code generator as long as the high frequency code generator receives an enabling signal that is received only during periods that differ from low-power periods.
Stages 242 and 244 are followed by stage 220 of unlocking the multiple input ports of the SRTC module if a predefined high frequency code is received over a control input port of the SRTC module. Changes in a supply voltage results in a supply voltage induced changes of an input signal provided to an input port of the SRTC module. A maximal frequency of the supply voltage induced changes of the input signal is lower than the high frequency of the predefined high frequency code.
Stage 220 can include stage 222 of unmasking the input signals provided to the input ports of the SRTC module. Stage 222 can also include of high pass filtering signals sent over the control input port so as to filter out supply voltage induced changes.
Stage 230 includes providing an SRTC signal when the multiple input ports of the SRTC module are locked and when the multiple input ports of the SRTC module are unlocked.
FIG. 3 schematically shows an example of an embodiment of method 300 for protecting a SRTC module.
Referring to the example of FIG. 1, method 300 is executed by protection module 130.
Method 300 starts by stage 302 of checking is any input port of the SRTC module is active. This stage is repeated until no input port of the SRTC module is active. Once the answer is negative stage 302 is followed by stage 304 of checking whether a first duration has lapsed since the last activity on one or more (or even all) input ports of the SRTC module. If the answer is negative stage 304 is followed by stage 302, else it is followed by stage 306 of locking multiple input ports of the SRTC module.
Stage 306 is followed by stage 308 of checking if a predefined high frequency code was received via a control input port of the SRTC module (after the multiple input ports of the SRTC module were locked). Stage 308 is repeated until receiving a positive answer and then it is followed by stage 310 of unlocking the multiple input ports of the SRTC module. Stage 310 is followed by stage 302.
Although the invention has been described with respect to specific conductivity types or polarity of potentials, skilled artisans appreciated that conductivity types and polarities of potentials may be reversed.
Furthermore, those skilled in the art will recognize that boundaries between the functionality of the above described operations merely illustrative. The functionality of multiple operations may be combined into a single operation, and/or the functionality of a single operation may be distributed in additional operations. Moreover, alternative embodiments may include multiple instances of a particular operation, and the order of operations may be altered in various other embodiments.
Thus, it is to be understood that the architectures depicted herein are merely exemplary, and that in fact many other architectures can be implemented which achieve the same functionality. In an abstract, but still definite sense, any arrangement of components to achieve the same functionality is effectively “associated” such that the desired functionality is achieved. Hence, any two components herein combined to achieve a particular functionality can be seen as “associated with” each other such that the desired functionality is achieved, irrespective of architectures or intermedial components. Likewise, any two components so associated can also be viewed as being “operably connected,” or “operably coupled,” to each other to achieve the desired functionality.
In addition, the invention is not limited to physical devices or units implemented in non-programmable hardware but can also be applied in programmable devices or units able to perform the desired device functions by operating in accordance with suitable program code. Furthermore, the devices may be physically distributed over a number of apparatuses, while functionally operating as a single device. For example,
However, other modifications, variations, and alternatives are also possible. The specifications and drawings are, accordingly, to be regarded in an illustrative rather than in a restrictive sense.
Furthermore, the terms “a” or “an,” as used herein, are defined as one or more than one. Also, the use of introductory phrases such as “at least one” and “one or more” in the claims should not be construed to imply that the introduction of another claim element by the indefinite articles “a” or “an” limits any particular claim containing such introduced claim element to inventions containing only one such element, even when the same claim includes the introductory phrases “one or more” or “at least one” and indefinite articles such as “a” or “an.” The same holds true for the use of definite articles. Unless stated otherwise, terms such as “first” and “second” are used to arbitrarily distinguish between the elements such terms describe. Thus, these terms are not necessarily intended to indicate temporal or other prioritization of such elements. The mere fact that certain measures are recited in mutually different claims does not indicate that a combination of these measures cannot be used to advantage.

Claims (19)

1. A method for protecting a secured real time clock module, the method comprises:
locking multiple input ports of the secured real time clock module if the multiple input ports of the secured real time clock module are idle during at least a first duration;
unlocking the multiple input ports of the secured real time clock module if a predefined high frequency code is received over a control input port of the secured real time clock module; and
providing a secured real time clock signal when the multiple input ports of the secured real time clock module are locked and when the multiple input ports of the secured real time clock module are unlocked;
wherein changes in a supply voltage results in a supply voltage induced changes of an input signal provided to an input port of the multiple input ports of the secured real time clock module;
wherein a maximal frequency of the supply voltage induced changes of the input signal is lower than a high frequency of the predefined high frequency code.
2. The method according to claim 1 wherein the multiple input ports of the secured real time clock module are idle during at least one low-power period, each low-power period of the at least one low-power period being longer than the first duration;
wherein the method comprises generating the predefined high frequency code by a high frequency code generator that is idle during the each low-power period of the at least one low-power period.
3. The method according to claim 1 wherein the multiple input ports of the secured real time clock module are idle during at least one low-power period, the each low-power period of the at least one low-power period being longer than the first duration;
wherein the method comprises receiving the predefined high frequency code by a high frequency code generator that is idle during the at least one low-power period.
4. The method according to claim 1 comprising generating the predefined high frequency code by a high frequency code generator as long as the high frequency code generator receives an enabling signal that is received only during periods that differ from low-power periods.
5. The method according to claim 1 comprising locking the multiple input ports of the secured real time clock module by applying a mask on input signals provided to the multiple input ports of the secured real time clock module; and
wherein the unlocking comprises unmasking the input signals.
6. The method according to claim 1 comprising:
locking the multiple input ports of the secured real time clock module by masking multiple input signals; and
monitoring output ports of a mask in order to determine an activity of the multiple input ports of the secured real time clock module, while ignoring supply voltage induced changes of input signals that are introduced while the multiple input ports of the secured real time clock module are locked.
7. The method according to claim 1 comprising high pass filtering signals sent over the control input port so as to filter out the supply voltage induced changes.
8. A device having secured real time clock module protection capabilities, the device comprises a secured real time clock module; the secured real time clock module comprises:
a controller, coupled to a real time clock generator, adapted to control the real time clock generator in response to control information;
a protection module, coupled to the controller and to multiple input ports of the secured real time clock module, the protection module locks the multiple input ports of the secured real time clock module if the multiple input ports of the secured real time clock module are idle during at least a first duration; and unlock the multiple input ports of the secured real time clock module if a predefined high frequency code is received over a control input port of the secured real time clock module; and
the real time clock generator, adapted to generate a real time clock signal when the multiple input ports of the secured real time clock module are locked and when the multiple input ports of the secured real time clock module are unlocked;
wherein changes in a supply voltage results in a supply voltage induced changes of an input signal provided to an input port of the multiple input ports of the secured real time clock module;
wherein a maximal frequency of the supply voltage induced changes of the input signal is lower than a high frequency of the predefined high frequency code.
9. The device according to claim 8 wherein the multiple input ports of the secured real time clock module are idle during at least one low-power period, each low-power period of the at least one low-power period being longer than the first duration;
wherein the device further comprises a high frequency code generator that is idle during the each low-power period of the at least one low-power period and is adapted to generate the high frequency code.
10. The device according to claim 9 wherein high frequency code generator generates the high frequency code while it receives an enabling signal; wherein the enabling signal is received only during periods that differ from low-power periods.
11. The device according to claim 8 wherein the protection module comprises a mask; wherein the mask is adapted to mask input signals provided to the multiple input ports of the secured real time clock module; and wherein the mask is adapted to unlock the multiple input ports of the secured real time clock module by unmasking the input signals to the secured real time clock module.
12. The device according to claim 11 comprising a monitor, coupled to output ports of the mask, adapted to monitor the output ports of the mask in order to determine an activity of the multiple input ports of the secured real time clock module, while ignoring supply voltage induced changes of input signals that are introduced while the multiple input ports of the secured real time clock module are locked.
13. The device according to claim 8 comprising a high pass filter adapted to apply a high pass filter operation on signals sent over the control input port so as to filter out the supply voltage induced changes.
14. A method for protecting a secured real time clock module, the method comprises:
locking multiple input ports of the secured real time clock module if the multiple input ports of the secured real time clock module are idle during at least a first duration;
generating a predefined high frequency code by a high frequency code generator as long as the high frequency code generator receives an enabling signal that is received only during periods that differ from low-power periods; and
unlocking the multiple input ports of the secured real time clock module if the predefined high frequency code is received over a control input port of the secured real time clock module;
wherein a maximal frequency of a supply voltage induced changes of an input signal to the secured real time clock module is lower than a high frequency of the predefined high frequency code.
15. The method according to claim 14 comprising locking the multiple input ports of the secured real time clock module by applying a mask on input signals provided to the multiple input ports of the secured real time clock module; and
wherein the unlocking comprises unmasking the input signals.
16. The method according to claim 14 comprising high pass filtering signals sent over the control input port so as to filter out the supply voltage induced changes.
17. A method for protecting a secured real time clock module, the method comprising:
locking multiple input ports of the secured real time clock module if the multiple input ports of the secured real time clock module are idle during at least a first duration, wherein the multiple input ports of the secured real time clock module are idle during at least one low-power period, each low-power period of the at least one low-power period being longer than the first duration;
generating a predefined high frequency code by a high frequency code generator that is idle during the each low-power period of the at least one low-power period; and
unlocking the multiple input ports of the secured real time clock module if the predefined high frequency code is received over a control input port of the secured real time clock module;
wherein a maximal frequency of a supply voltage induced changes of an input signal to the secured real time clock module is lower than a high frequency of the predefined high frequency code.
18. A method for protecting a secured real time clock module, the method comprising:
locking multiple input ports of the secured real time clock module if the multiple input ports of the secured real time clock module are idle during at least a first duration, wherein the multiple input ports of the secured real time clock module are idle during at least one low-power period, the each low-power period of the at least one low-power period being longer than the first duration;
receiving a predefined high frequency code by a high frequency code generator that is idle during the at least one low-power period; and
unlocking the multiple input ports of the secured real time clock module if the predefined high frequency code is received over a control input port of the secured real time clock module;
wherein a maximal frequency of a supply voltage induced changes of an input signal to the secured real time clock module is lower than a high frequency of the predefined high frequency code.
19. A method for protecting a secured real time clock module, the method comprising:
locking multiple input ports of the secured real time clock module if the multiple input ports of the secured real time clock module are idle during at least a first duration; unlocking the multiple input ports of the secured real time clock module if a predefined high frequency code is received over a control input port of the secured real time clock module;
wherein a maximal frequency of a supply voltage induced changes of an input signal to the secured real time clock module is lower than a high frequency of the predefined high frequency code;
locking the multiple input ports of the secured real time clock module by masking multiple input signals; and
monitoring output ports of a mask in order to determine an activity of the multiple input ports of the secured real time clock module, while ignoring supply voltage induced changes of input signals that are introduced while the multiple input ports of the secured real time clock module are locked.
US12/163,610 2008-06-27 2008-06-27 Method for protecting a secured real time clock module and a device having protection capabilities Active 2030-12-04 US8171336B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/163,610 US8171336B2 (en) 2008-06-27 2008-06-27 Method for protecting a secured real time clock module and a device having protection capabilities

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12/163,610 US8171336B2 (en) 2008-06-27 2008-06-27 Method for protecting a secured real time clock module and a device having protection capabilities

Publications (2)

Publication Number Publication Date
US20090327795A1 US20090327795A1 (en) 2009-12-31
US8171336B2 true US8171336B2 (en) 2012-05-01

Family

ID=41449057

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/163,610 Active 2030-12-04 US8171336B2 (en) 2008-06-27 2008-06-27 Method for protecting a secured real time clock module and a device having protection capabilities

Country Status (1)

Country Link
US (1) US8171336B2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8938796B2 (en) 2012-09-20 2015-01-20 Paul Case, SR. Case secure computer architecture
US9015838B1 (en) * 2012-05-30 2015-04-21 Google Inc. Defensive techniques to increase computer security
US9251341B1 (en) 2012-05-30 2016-02-02 Google Inc. Defensive techniques to increase computer security
US9268972B2 (en) 2014-04-06 2016-02-23 Freescale Semiconductor, Inc. Tamper detector power supply with wake-up

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2973137A4 (en) 2013-03-13 2016-10-19 Intel Corp Method and apparatus for hardware-assisted secure real time clock management
US9135472B2 (en) 2013-10-31 2015-09-15 Square, Inc. Systems and methods for secure processing with embedded cryptographic unit
US10410202B1 (en) * 2016-12-31 2019-09-10 Square, Inc. Expedited booting with brownout monitoring
US10410189B2 (en) 2017-09-30 2019-09-10 Square, Inc. Scanning system with direct access to memory

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4628400A (en) * 1984-02-03 1986-12-09 Techne Electronics Ltd. Electronic keyed lock
EP0150480B1 (en) 1984-01-16 1991-03-20 Itt Industries, Inc. Power-on reset pulse generator
US5920727A (en) 1993-10-27 1999-07-06 Elonex I.P. Holdings Ltd. Timer-controlled computer system shutdown and startup
US6069850A (en) * 1998-03-18 2000-05-30 International Business Machines Corporation Method and apparatus for driving a battery-backed up clock while a system is powered-down
US20020083284A1 (en) 2000-12-26 2002-06-27 Takanobu Matsubara Data reproduction system, data recorder and data reader preventing fraudulent usage by monitoring reproducible time limit
US20040128528A1 (en) 2002-12-31 2004-07-01 Poisner David I. Trusted real time clock
US6772361B1 (en) * 2000-07-10 2004-08-03 Advanced Micro Devices, Inc. Real time clock (RTC) having several highly desirable timekeeping dependability and security attributes, and methods for accessing a register thereof
US20040225439A1 (en) 2001-10-30 2004-11-11 Gronemeyer Steven A. Method and apparatus for real time clock (rtc) brownout detection
US20060007616A1 (en) 2004-07-07 2006-01-12 Micron Technology, Inc. Power supply voltage detection circuitry and methods for use of the same
US20060053314A1 (en) * 2004-09-06 2006-03-09 Oki Electric Industry Co., Ltd. Semiconductor circuit with mask register
US7733117B1 (en) * 2007-11-20 2010-06-08 Freescale Semiconductor, Inc. Method for protecting a security real time clock generator and a device having protection capabilities

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0150480B1 (en) 1984-01-16 1991-03-20 Itt Industries, Inc. Power-on reset pulse generator
US4628400A (en) * 1984-02-03 1986-12-09 Techne Electronics Ltd. Electronic keyed lock
US5920727A (en) 1993-10-27 1999-07-06 Elonex I.P. Holdings Ltd. Timer-controlled computer system shutdown and startup
US6069850A (en) * 1998-03-18 2000-05-30 International Business Machines Corporation Method and apparatus for driving a battery-backed up clock while a system is powered-down
US6772361B1 (en) * 2000-07-10 2004-08-03 Advanced Micro Devices, Inc. Real time clock (RTC) having several highly desirable timekeeping dependability and security attributes, and methods for accessing a register thereof
US20020083284A1 (en) 2000-12-26 2002-06-27 Takanobu Matsubara Data reproduction system, data recorder and data reader preventing fraudulent usage by monitoring reproducible time limit
US20040225439A1 (en) 2001-10-30 2004-11-11 Gronemeyer Steven A. Method and apparatus for real time clock (rtc) brownout detection
US20040128528A1 (en) 2002-12-31 2004-07-01 Poisner David I. Trusted real time clock
US20060007616A1 (en) 2004-07-07 2006-01-12 Micron Technology, Inc. Power supply voltage detection circuitry and methods for use of the same
US20060053314A1 (en) * 2004-09-06 2006-03-09 Oki Electric Industry Co., Ltd. Semiconductor circuit with mask register
US7733117B1 (en) * 2007-11-20 2010-06-08 Freescale Semiconductor, Inc. Method for protecting a security real time clock generator and a device having protection capabilities

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9015838B1 (en) * 2012-05-30 2015-04-21 Google Inc. Defensive techniques to increase computer security
US9251341B1 (en) 2012-05-30 2016-02-02 Google Inc. Defensive techniques to increase computer security
US8938796B2 (en) 2012-09-20 2015-01-20 Paul Case, SR. Case secure computer architecture
US9122633B2 (en) 2012-09-20 2015-09-01 Paul Case, SR. Case secure computer architecture
US9268972B2 (en) 2014-04-06 2016-02-23 Freescale Semiconductor, Inc. Tamper detector power supply with wake-up

Also Published As

Publication number Publication date
US20090327795A1 (en) 2009-12-31

Similar Documents

Publication Publication Date Title
US8171336B2 (en) Method for protecting a secured real time clock module and a device having protection capabilities
Gnad et al. Voltage drop-based fault attacks on FPGAs using valid bitstreams
US6622184B1 (en) Information processing system
US6272637B1 (en) Systems and methods for protecting access to encrypted information
US7072211B2 (en) Systems and methods for write protection of non-volatile memory devices
EP1066555B1 (en) Integration of security modules in an integrated circuit
US8892837B2 (en) Integrated circuit with tamper-detection and self-erase mechanisms
JP2006505798A (en) Method and apparatus for security scanning test
US20130188437A1 (en) Hardware write-protection
US7733117B1 (en) Method for protecting a security real time clock generator and a device having protection capabilities
US10049234B2 (en) Secure access management of devices
US9696772B2 (en) Controlling access to a memory
WO2008017796A1 (en) Apparatus and method for performing integrity checks on software
US20110154478A1 (en) Electronic device security
WO2018103275A1 (en) Soc chip having debugging interface security mechanism, and method
US10452844B2 (en) Protecting isolated secret data of integrated circuit devices
US8245068B2 (en) Power supply monitoring method and system
Nisarga et al. System-level tamper protection using MSP MCUs
EP3430627B1 (en) Controlling a transition between a functional mode and a test mode
Gross et al. Fpganeedle: Precise remote fault attacks from fpga to cpu
KR20210113289A (en) Detection of frequency manipulation of the secure timebase
Farag et al. Smart employment of circuit redundancy to effectively counter trojans (SECRET) in third-party IP cores
KR20100060212A (en) Integrated circuit device including noise filter
US20240184735A1 (en) Secure Serial Peripheral Interface Communication
US20240111862A1 (en) Detecting and responding to environmental condition-induced security attacks on semiconductor packages

Legal Events

Date Code Title Description
AS Assignment

Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PRIEL, MICHAEL;KUZMIN, DAN;ZALTZMAN, AMIR;REEL/FRAME:021184/0954

Effective date: 20080526

AS Assignment

Owner name: CITIBANK, N.A., NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:021570/0449

Effective date: 20080728

Owner name: CITIBANK, N.A.,NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:021570/0449

Effective date: 20080728

AS Assignment

Owner name: CITIBANK, N.A.,NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:024085/0001

Effective date: 20100219

Owner name: CITIBANK, N.A., NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:024085/0001

Effective date: 20100219

AS Assignment

Owner name: CITIBANK, N.A., AS COLLATERAL AGENT,NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:024397/0001

Effective date: 20100413

Owner name: CITIBANK, N.A., AS COLLATERAL AGENT, NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:024397/0001

Effective date: 20100413

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: CITIBANK, N.A., AS NOTES COLLATERAL AGENT, NEW YOR

Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:030633/0424

Effective date: 20130521

AS Assignment

Owner name: CITIBANK, N.A., AS NOTES COLLATERAL AGENT, NEW YOR

Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:031591/0266

Effective date: 20131101

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS

Free format text: PATENT RELEASE;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:037356/0143

Effective date: 20151207

Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS

Free format text: PATENT RELEASE;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:037354/0719

Effective date: 20151207

Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS

Free format text: PATENT RELEASE;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:037356/0553

Effective date: 20151207

AS Assignment

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND

Free format text: ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:037486/0517

Effective date: 20151207

AS Assignment

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND

Free format text: ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:037518/0292

Effective date: 20151207

AS Assignment

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND

Free format text: SUPPLEMENT TO THE SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:039138/0001

Effective date: 20160525

AS Assignment

Owner name: NXP, B.V., F/K/A FREESCALE SEMICONDUCTOR, INC., NETHERLANDS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:040925/0001

Effective date: 20160912

Owner name: NXP, B.V., F/K/A FREESCALE SEMICONDUCTOR, INC., NE

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:040925/0001

Effective date: 20160912

AS Assignment

Owner name: NXP B.V., NETHERLANDS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:040928/0001

Effective date: 20160622

AS Assignment

Owner name: NXP USA, INC., TEXAS

Free format text: CHANGE OF NAME;ASSIGNOR:FREESCALE SEMICONDUCTOR INC.;REEL/FRAME:040652/0180

Effective date: 20161107

AS Assignment

Owner name: NXP USA, INC., TEXAS

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE NATURE OF CONVEYANCE LISTED CHANGE OF NAME SHOULD BE MERGER AND CHANGE PREVIOUSLY RECORDED AT REEL: 040652 FRAME: 0180. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER AND CHANGE OF NAME;ASSIGNOR:FREESCALE SEMICONDUCTOR INC.;REEL/FRAME:041354/0148

Effective date: 20161107

AS Assignment

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE PATENTS 8108266 AND 8062324 AND REPLACE THEM WITH 6108266 AND 8060324 PREVIOUSLY RECORDED ON REEL 037518 FRAME 0292. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT AND ASSUMPTION OF SECURITY INTEREST IN PATENTS;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:041703/0536

Effective date: 20151207

AS Assignment

Owner name: SHENZHEN XINGUODU TECHNOLOGY CO., LTD., CHINA

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE TO CORRECT THE APPLICATION NO. FROM 13,883,290 TO 13,833,290 PREVIOUSLY RECORDED ON REEL 041703 FRAME 0536. ASSIGNOR(S) HEREBY CONFIRMS THE THE ASSIGNMENT AND ASSUMPTION OF SECURITYINTEREST IN PATENTS.;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:048734/0001

Effective date: 20190217

AS Assignment

Owner name: NXP B.V., NETHERLANDS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:050744/0097

Effective date: 20190903

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

AS Assignment

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE APPLICATION11759915 AND REPLACE IT WITH APPLICATION 11759935 PREVIOUSLY RECORDED ON REEL 037486 FRAME 0517. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT AND ASSUMPTION OF SECURITYINTEREST IN PATENTS;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:053547/0421

Effective date: 20151207

AS Assignment

Owner name: NXP B.V., NETHERLANDS

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVEAPPLICATION 11759915 AND REPLACE IT WITH APPLICATION11759935 PREVIOUSLY RECORDED ON REEL 040928 FRAME 0001. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITYINTEREST;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:052915/0001

Effective date: 20160622

AS Assignment

Owner name: NXP, B.V. F/K/A FREESCALE SEMICONDUCTOR, INC., NETHERLANDS

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVEAPPLICATION 11759915 AND REPLACE IT WITH APPLICATION11759935 PREVIOUSLY RECORDED ON REEL 040925 FRAME 0001. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITYINTEREST;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:052917/0001

Effective date: 20160912

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12